Posted by CmdrTaco on Wednesday December 20, 2006 @10:40AM from the something-to-think-about dept.

Regular Slashdot contributor Bennett Haselton writes in to say "The December 1st release of Psiphon has sparked renewed interest in
the various software programs that can help circumvent Internet censorship
in China, Iran, and other censored countries. (Some of this interest
undoubtedly being motivated by the fact that many of these programs also
work for getting around blocking software at work or school.) Have you
ever wanted to understand the science behind these programs, the way that
mathematicians and codebreakers understand the magic behind PGP? If you
loved the mental workout of reading "Applied Cryptography",
have you ever wanted a tutorial to do the same for Psiphon and Tor and
other anti-censorship programs?" The rest of his editorial follows.

Well, here's a primer, but you might be disappointed. Like making the
Statue of Liberty disappear, it doesn't sound very cool once you know how
it's done; the truth is that most anti-censorship programs, including
mine, only work because the censors are not trying very hard.

(Note that I am going to be talking about ways that certain anti-censorship
programs can be defeated. I don't believe that this is giving much help to
censors, because these are obvious weaknesses that would occur to anyone
who knows how the programs work. For reasons I'll get into at the end, I
don't think these weaknesses actually make much difference.)

Basically, all anti-censorship programs fall into two categories: those
that require you to have a helper outside of the censored country, and
those that don't.

Take Psiphon. To use Psiphon, someone in a non-censored country has to
install it on their home computer, which turns their computer into a Web
server with an interface similar to Anonymouse.org, where you type in the URL of
the page you want to view and it fetches it for you. The difference, of
course, is that Anonymouse.org is widely known and blocked by any
self-respecting Internet filtering system, while your newly created Psiphon
URL pointing to your home computer is not blocked anywhere, yet. So if you
set up a Psiphon URL on your computer in the U.S. and e-mail it to your
friend in China, your friend can use it to surf wherever they want. (Note
that this also has the desirable property that the person in China doesn't
have to install any software, so they can use the URL even from a cybercafe
computer with restricted user permissions.) The hurdle, of course, is that
the person in China has to have a contact outside the country to help
them. This is not a huge barrier for many Chinese, but it still means the
program doesn't have the instant gratification property of something that
you turn on and it just works.

Peacefire, by the way, had released the Circumventor program in 2003 which did
essentially the same thing. (And the Circumventor was itself really just a
wizard for installing a Web server with James Marshall's CGIProxy script, which deserves most of the
credit, although the Circumventor did help bring it "to the masses", since
most users don't have the ability to set up an SSL-enabled Web server
themselves.) Psiphon made some improvements, namely:

Ability to create password-protected accounts to restrict the URL to
certain users.

Smaller download (although it may not matter much since only broadband
users would be installing it anyway).

Ability to run on Linux. (Circumventor only works on Windows, although
you can install CGIProxy on a
Linux webserver if you know how.)

Circumventor has some of its own advantages, although they're the kind that
could easily be incorporated into Psiphon soon:

A wizard to help users forward incoming connections on their router and
enter exceptions in software firewalls to make the software work. (If they
want to. No tweaking people's firewall settings without asking them!)

Slightly harder to block, due to some strategies such as using a
different SSL certificate for each install (Psiphon uses the same one each
time).

And both programs fall victim to the same attacks, although as far as I
know, none of these have been implemented in practice:

Blocking sites whose SSL certificates do not match the site hostname
(easier for a censoring proxy server like the ones used in the Middle East,
than for an IP firewall like the Great Firewall of China).

But basically, they're the same program -- so the difference in press
coverage has been illustrative of how much context matters to
reporters. Psiphon is the "politically correct" version -- they've played
down the fact that it can be used to get around blocking software in
schools and played up the fact that it can be used to beat the censors in
China and Iran, and the press coverage has focused exclusively on that
human rights aspect. The
Circumventor was also written to help foreign victims of censorship, and
articles have been written about its uses for that purpose, but I've also
been unapologetically promoting its use to get around blocking software at
home and in school, as part of an advocacy for greater civil rights for
people under 18. (Also because the more
installations there are in the U.S., the more it helps users abroad.) As a
result, some of the TV news pieces about it have used such ominous music
and lighting that they practically looked like recycled footage from "To Catch a
Predator". Of course, Psiphon can be used for exactly the same
thing. (I also emailed some of the reporters who recently wrote about
Psiphon, to tell them about Circumventor; so far, I haven't heard back from
any of them, but I doubt they're being politically correct this time; I
think they're just not thrilled that C-Net scooped them by three years
and seven months.)

So, Psiphon and Circumventor fall in the first category -- programs that
only work if you've got a contact outside the censored country to help
you. In the second category is Tor,
which was originally written to provide mathematically secure anonymity,
but had the nice property that it could be used to get around the Great
Firewall of China as well. With your browser in China using Tor as a
proxy, packets are routed to other Tor nodes outside the country, which
connect you with any blocked Web site that you want to see. Best of all,
you just install it on a machine in China, and presto, it works, no nagging
your expat cousin in the U.S. to install something on their computer to
help you. Dynamic Internet
Technologies, run by Chinese dissident Bill Xia in North Carolina, runs
another service that works "out of the box" -- you send an instant-message
to one of the DIT screen names, and it replies with a list of currently
running Web proxies. (Bill has asked me not to publicize the actual screen
names that perform this service, because it's intended only for Chinese
users. I think that's a case of "security through
obscurity", but I respect his wishes.)

Unfortunately, all such "instant gratification" solutions have the same
basic weakness, which by a simple argument can be extended even to
hypothetical future programs in the same category. In the case of a
program like Tor, the censor only has to install the software, look at what
IP addresses the software connects to when it bootstraps itself, and add
those IP addresses to the blacklist. Even if the software chooses at
random from multiple IP addresses to bootstrap to, the censor can still
obtain all of them by repeatedly re-installing the software (possibly
wiping the machine each time so the software can't tell that it's been
installed before). No matter how you slice it, if Alice the legitimate
user and Bob the censor download the program on the same day, Bob can make
the program not work for Alice if he updates the blacklist quickly
enough. He doesn't even have to reverse-engineer the software, he just has
to use a network sniffer to see where it connects to. (For DIT's
proxy-by-instant-message system, the censor can instant-message the screen
name repeatedly, from different accounts, until they've collected and
blocked all the available proxies; this would be analogous to re-installing
Tor repeatedly and seeing what IPs it connects to.)

Peacefire has produced another approach, which is a simple, obvious idea, and
it was quite by accident that we found out it slips through the cracks of
the seemingly "unsolvable" problem with instant-gratification outlined
above. Like the other solutions, it works only as long as the censors are
fairly lazy, but they are, and it does. About 30,000 people have signed up
through a form on
our site to be notified each time we create a new Circumventor site and
mail it out, every 3 or 4 days. Agents of the blocking companies have
joined the list too, of course, but we mail different sites to different
subsets of the list. Now, an attack analogous to the attacks listed in the
previous paragraph would be for the censors to join under many different
accounts, and then block any site that gets mailed to any of those
accounts. But the catch is that when an address joins the list, a new site
doesn't get mailed to that address until some random time in the
future. So the censor has to check all of the fake Hotmail accounts that
they've created, over and over, if they want to block all of the new sites
as soon as they're released. Hardly impossible, but the censor can no
longer use the instantaneous approach of: (1) enter the system / join the
list / install the software; (2) see where it connects to and block those
points of access; (3) repeat. (If we instantly e-mailed a randomly
selected site to each new signup, then this attack would work.) By going
from instant gratification to almost-instant-gratification, you
change one of the conditions for the theorem stated in the previous
paragraph, so that it no longer holds true. Still, like Tor and the DIT
system, it could be blocked with a moderate amount of effort.
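
A toy simulation of the two mailing policies contrasted above, added here as an illustration; it is not Peacefire's code. The subset count, the activation-delay range, the number of censor accounts and the one-check-per-mailbox-per-day cost are all assumptions; only the 3-day mailing interval comes from the text.

```python
import random

def instant_exposure(live_sites, signups, rng):
    """Policy A: every new signup is mailed one random live site at once.
    Returns the set of site ids seen after `signups` joins, all of which
    can be made in a single sitting."""
    return {rng.randrange(live_sites) for _ in range(signups)}

def delayed_exposure(subsets, accounts, days, rng, max_delay=14, interval=3):
    """Policy B: a new address lands in a random subset and receives nothing
    until a random day in [1, max_delay]; every `interval` days each subset
    is mailed its own fresh site.
    Returns (timeline, mailbox_checks). timeline[d] is the fraction of all
    sites released up to day d that reached an observer-held mailbox."""
    # (subset, first day mail is delivered) for each observer account,
    # all of them joining on day 0
    observer = [(rng.randrange(subsets), rng.randint(1, max_delay))
                for _ in range(accounts)]
    released = seen = 0
    timeline = []
    for day in range(days + 1):
        if day > 0 and day % interval == 0:
            # subsets holding at least one already-activated observer account
            covered = {s for s, start in observer if start <= day}
            released += subsets          # one new site per subset
            seen += len(covered)
        timeline.append(seen / released if released else 0.0)
    # assumed cost model: every mailbox has to be opened once per day
    return timeline, accounts * days

if __name__ == "__main__":
    rng = random.Random(2006)            # fixed seed, constructed scenario
    got = instant_exposure(live_sites=10, signups=2000, rng=rng)
    print(f"instant policy: {len(got)}/10 sites seen on the day of signup")
    for accounts in (5, 50, 500):
        timeline, checks = delayed_exposure(20, accounts, 30, rng)
        print(f"delayed policy, {accounts:3d} accounts: "
              f"day 0 = {timeline[0]:.0%}, day 30 = {timeline[30]:.0%}, "
              f"{checks} mailbox checks")
```

Under the delayed policy the day-0 figure is always zero, and coverage afterwards depends on how many accounts were planted and how long they are polled, which is the "moderate amount of effort" the text describes.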

The Tor protocol, by the way, has been the subject of a great deal of
sophisticated mathematical analysis, really brainy stuff that is beyond the scope of
this article. But it's important to understand that that analysis focuses
on the security of the Tor protocol for achieving anonymity. For
anonymity, the protocol is very strong; for routing around censorship, it's
fairly straightforward to defeat. That's not at all a criticism of the Tor
developers; Tor was designed to achieve anonymity, and just turned out to
work for beating censorship as well -- but only, of course, as long as the
censors aren't making much effort to block it.

Which all leads to the obvious question: Why have the censors not bothered?

Nobody knows for sure, but I fear the answer is that the Chinese government
and other censors know that the greatest weapon in their arsenal is not IP
blocking, or keyword filtering, or even the threat of arrest. It's just
apathy. The Chinese censors know what we anti-censorware developers in the
free world keep forgetting: that most Chinese are not liberty-minded
Jeffersonians chomping at the bit under the oppressive yoke of their
government and waiting to be freed by circumvention software. As Michael
Chase and James Mulvenon of the RAND Corporation put it in their report on
Internet usage by Chinese dissidents, You've Got
Dissent!: "[A]lthough some peer-to-peer applications... are designed
specifically to combat censorship on the Internet and address privacy
concerns, most Chinese Internet users are undoubtedly more interested in
using peer-to-peer applications for entertainment purposes such as
downloading MP3 music files." The censors know what Netscape knew when
they fought tooth and nail against Microsoft including Internet Explorer on
the desktop of every Windows machine: defaults matter. It doesn't matter
that users can go to Netscape's site and download their browser, and
it doesn't matter that users can access a banned site by installing
a cool p2p program. Most people just don't.

When I first started working on the Circumventor, I assumed that since the
Chinese Internet censorship bureau reportedly employed about 30,000 people,
surely if they were already spending that much effort and money, they'd
throw plenty of resources at defeating any new anti-censorship program, so
the Circumventor would have to be able to withstand any such attack. But I
was wrong. According to the RAND Corporation paper, the censors have been
quite busy, for example, policing political forums for dissident postings
that other users might casually run into. But they apparently assume --
correctly, it seems -- that content doesn't pose much of a threat if users
have to go out of their way and download a program to access it. And if
the user has to have a friend outside the country to help them, then forget
it.

This is not to downplay the enormous good that programs like Tor,
Circumventor and Psiphon can do in bringing free speech to the people in
censored countries who want it. But it's easy to forget that those often
do not comprise a large part of the population.

One of the biggest disappointments for me came in May 2005 when I was
looking for ways to get around the word filter on MSN China's blogging
service. Microsoft, apparently acting on public relations advice from Lex
Luthor, had decided to filter the words "freedom", "democracy", and "Taiwan
independence" from the titles of blogs on MSN China. (I know, I know, they
have to comply with Chinese laws to do business there. But I don't think
the Chinese have actually outlawed the word "democracy".) Eventually I did
find a loophole,
so I searched on MSN for some Chinese blogs published by expatriates to ask
them to help test the workaround for me. With a few exceptions, most of
the bloggers were rather hostile, saying that they supported their
government's efforts to censor the Internet and to stamp out Falun Gong as
a dangerous "cult". (These were expats living in the U.S., so presumably
they were not worried about the Chinese government sending a tank across
the Pacific to run them over if they criticized the ruling party. Even if
they thought they had to watch what they said because they might someday
return to China, or because they still had family there, surely it would
have been easier just to ignore me; the hostility that I encountered
sounded genuine.) The moral is, no matter how much your movement believes
in its efforts to help oppressed people, you can't just assume you'll be
greeted as liberators (ahem).

So now you know most of what there is to know about the state of the art in
anti-censorship software. It's just that there is less to understand than
the hype originally suggests -- the programs aren't really secure, but they
work because the censors aren't really trying. And there aren't any cool
mathematical formulas that you can impress your friends with -- for that,
you'll still have to go back to Applied Cryptography. It's a lot
less impressive to be the Bruce Schneier of circumvention algorithms than
it is to be the real Bruce Schneier.

Too bad nobody mentioned JAP yet. It's similar to TOR, except it uses pre-defined anonymizing proxies rather than random nodes (so you know exactly who you're trusting).
It will also circumvent censorship, and it's pretty much unblockable. Every client has an option built in to share his bandwidth for people who are behind censoring firewalls, essentially becoming another public proxy. This means that if you need to get around censorship, you can have JAP (the client program) automatically supply you with

the truth is that most anti-censorship programs, including mine, only work because the censors are not trying very hard.

Well, in that case, I recommend that you 'censor' yourself. Seriously. Apply some techniques that would make your software fail, then see what you can do to work around them. Then, if (when) China and other censorship countries decide to step up and do something you're already a few steps ahead of them.

Well, see, a lot of times people post without an account because they're afraid to let people know it's them holding that opinion. Thusly, it's easy to draw the conclusion that people posting anonymously = coward.
Plus, it's free. Grow a pair and register.

Anonymous Cowards (no, not you but GP) don't have account preferences. I drop to -1 every time I get mod points, but don't see why anyone would regularly do it though. Despite some cases of "I don't like you so I'll mod you down" at least 95% deserve to be there.

Oh yeah that's right, well, didn't pay attention. If he really wants any option to see only -1's he'll log in no matter what.

By the way, I think your signature explains extremely well the nuance between the two licenses, makes me wonder why I've always chosen the GPL license over the BSD/MIT one when submitting SourceForge projects.

They already talked about using IM to spread IP addresses. Ultimately, the problem is that there is no way to distinguish the 'good guys' from the 'bad guys'. Otherwise, you could just never send the IP information to the 'bad guys'.

The brute-force solution to the problem is to get everyone using anonymizing software like this, so that the options are to block all outside access (i.e. China blocks international IPs altogether) or to effectively let everyone have access to all the information.

Of course, the difficulty of doing this is extreme. Microsoft could pull it off by putting Tor into all of its products, but few other companies have any shot of getting anonymizing software on their computers. Of course, the anonymization itself has disadvantages: logging becomes useless (where'd that attack come from? A Tor exit node!), laws regarding the Internet become useless... effectively, the Internet becomes even more like the wild west, only you can't even have vigilante justice.

but why not make the outside servers the ones that contact the inside clients, instead of the other way round?
Sure, it could open the way for easy detection of people on the inside, but there's more than one way to skin a cat.

What if the connections were encrypted? The outside client would send an encrypted "ping" sort of deal that inside clients wait for, and when received, the client establishes a connection. Then there is no list of outside servers that can be sent via IM or email, and received by the censor. If the censor sets up a client, then the outside server could turn the tables and stop pinging the censor's client. It takes the control away from the censor.

Tor *IS* a peer-to-peer proxying system [eff.org], that makes it extremely difficult to trace traffic back to a source. The anonymizing is its primary purpose, although it achieves that by implementing a network of p2p nodes. Like the article said, its ability to circumvent censoring firewalls is a secondary feature, more of a side effect (see this FAQ entry [noreply.org]).

Also, AFAIK, Skype does not actually route the voip traffic over proxies.

...if you're an oppressive government, you can simply assume that whoever is using an anonymous network is trying to pull something dirty, due process and innocent until proven guilty be damned. The whole article focuses on blocking in the future - what about logging the past? Look up the Great Firewall's logs of who's connected to that server, and you've got a bunch of people to flag/arrest. The only real cure is popularity - you didn't visit the network to be anonymous, you visited it because that's where all the mp3s/divx/warez/pr0n/whatever is. Sorta like Internet;)

A friend of mine is living in China and he keeps telling me that the average urban Chinese is a lot like a western person. Simply doesn't care about politics. Those that use these programs already appreciate the value of democracy. This is one of those matters where technology won't make a difference. Freedom must be pushed from the inside by example, by those who believe in it, even if it is extremely painful.

In Portugal, my country, we had a dictatorship during almost 50 years, and it was not outside influence that finally broke it. At some point a critical mass of will for change and for freedom was achieved and a revolution was made. In Spain, in a similar scenario, it was the death of Franco that allowed the ascent to the power of a more democratic government.
Moreover, different cultures see democracy through a different perspective, some give it the utmost value, others see it as the way to get a corrupt pro-Western leadership, as in Islamic public opinion. Others value more stability over freedom... In China, the current communist regime provided the greatest war free period in centuries.

To be successfully achieved and perpetuated, democracy must be actively wanted by the citizens.

Freedom must be pushed from the inside by example, by those who believe in it, even if it is extremely painful.

In Portugal, my country, we had a dictatorship during almost 50 years, and it was not outside influence that finally broke it.

It's not just freedom of speech in the political sense. They would not even accept "free beer" let alone "free speech".

I tried very hard to push awareness of F/OSS to my colleagues, teachers and parents. (I'm a grade Senior Three, equiv. to grade 12 in the US). But none of them saw them interesting. I'm perhaps the only one in my class to use Firefox and Linux (Psst. I'm also a Microsoft fanboy).

Yeah, freedom must be pushed from the inside. But then it's not a matter of days. Be patient. But keep pus

Unlike the others you listed, anoNet is a full IP network built using standard OSS tools (OpenVPN [openvpn.net] and Quagga [quagga.net] being the heart of the network).

It is far from perfect at giving absolute anonymity at the software level, it requires you to use some common sense. On the plus side, *you* get to decide who you trust and how much you trust them. Like TOR, the more people that are a part of anoNet, the more anonymous the network becomes. Think of the network in terms of old school BB

Thanks for this information, i added anoNet to my list:) For the record, everything i listed _is_ FOSS...

But, uhm, while being an interesting project i don't understand how anoNet differs from standard VPN + routing between friends? What advantages would this have over I2P which adds pseudonym's for examples... Or FreeNet with anonymous storage? Or Waste which does the same as what i understand from anoNet but in a simpler way with added search capacity? Or OpenSwan with opportunistic encryption?

Sorry for the confusion concerning our use of FOSS. I didn't mean to imply that the other networks that you mentioned weren't FOSS software. What I was trying to get across was that we use standard FOSS tools as opposed to writing something custom. Now to address your points:

But, uhm, while being an interesting project i don't understand how anoNet differs from standard VPN + routing between friends?

You are correct, there isn't much different other than the fact that you don't need to be invited to join anoN

The funniest assumption is that: what we access with (for example) Google is not censored (or at least not manipulated) within the "Free World" countries. One way of manipulating is analogue to chemical "competitive inhibition" - the inhibitor is present in concentration high enough, that virtually any access of the substrate to enzyme's catalytic center becomes impossible. In real life this may be achieved by saturating the attention with propaganda. For example: I have tried to find the site of organizers of